CN111031537A - Wireless local area network management system for preventing illegal user access - Google Patents


Info

Publication number: CN111031537A
Authority: CN (China)
Prior art keywords: local area, area network, user terminal, wireless, wireless local
Legal status: Withdrawn
Application number: CN202010030530.6A
Other languages: Chinese (zh)
Inventor: 熊亮
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to the technical field of wireless local area network management and discloses a wireless local area network management system for preventing illegal user access, comprising: a wireless control device C running wireless local area network management system software, a wireless access device M, and a user terminal device $U_i$. When the user terminal device $U_i$ detects the network signal of the wireless local area network provided by the wireless access device M and sends the wireless access device M a request to access the wireless local area network, the wireless local area network management system of the wireless control device C authenticates the identity of $U_i$ using a user authentication method based on zero-knowledge proof, and $U_i$ is allowed to access the wireless local area network through the wireless access device M only after its identity authentication passes. The invention solves the technical problem that existing wireless local area network management systems cannot securely verify the identity of a client user accessing the wireless local area network.

Description

Wireless local area network management system for preventing illegal user access
Technical Field
The invention relates to the technical field of wireless local area network management, in particular to a wireless local area network management system for preventing illegal user access.
Background
The wireless network uses electromagnetic waves as a transmission medium, and signals of the wireless network are transmitted in an open space, so that the signals of the wireless network can be received within a proper signal coverage range as long as a proper wireless client device is provided. Due to this transmission characteristic of wireless networks, wireless networks cannot secure communications by securing communication lines in a manner similar to wired networks.
The Windows operating system has a built-in function for automatically searching for wireless networks. Anyone with basic knowledge of wireless networks, such as an unauthorized user or hacker, can access a discovered wireless network that is unprotected or has a low security level, through a general attack or by means of an attack tool. Once connected, an illegal user occupies the network bandwidth of legitimate users; a malicious illegal user may even change the router's settings so that legitimate users cannot log in normally, and a purposeful intruder may also break into a legitimate user's computer to steal related information.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a wireless local area network management system for preventing illegal user access, which aims to solve the technical problem that the identity of a client user accessing a wireless local area network cannot be safely verified in the conventional wireless local area network management system.
(II) Technical solution
In order to achieve the purpose, the invention provides the following technical scheme:
A wireless local area network management system for preventing illegal user access comprises: a wireless control device C running wireless local area network management system software, a wireless access device M, and a user terminal device $U_i$.
When the user terminal device $U_i$ detects the network signal of the wireless local area network provided by the wireless access device M and sends the wireless access device M a request to access the wireless local area network, the wireless local area network management system of the wireless control device C authenticates the identity of $U_i$ using a user authentication method based on zero-knowledge proof. The user authentication method of the wireless local area network management system comprises the following steps:
Step one: The user terminal device $U_i$ registers as a user with the wireless local area network management system of the wireless control device C, specifically:
(a) The wireless local area network management system selects a curve $O_p(a, b)$ over the binary field [Figure BDA0002364137280000021], randomly selects a point $E$ on the curve $O_p(a, b)$ as the base point, and returns the base point $E$ to the user terminal device $U_i$;
(b) The user terminal device $U_i$ selects a private key $w$ in the binary field [Figure BDA0002364137280000024], calculates the public key $W = wE$, and transmits the public key $W$ to the wireless local area network management system;
Step two: The wireless local area network management system of the wireless control device C authenticates the identity of the user terminal device $U_i$. The specific authentication process is as follows:
(a) The user terminal device $U_i$ randomly selects a random number $y$ in the binary field [Figure BDA0002364137280000022], calculates $E_1 = yE$, so that $E_1$ lies on the curve $O_p(a, b)$, and transmits $E_1$ to the wireless local area network management system;
(b) The wireless local area network management system randomly generates a random number $c$ in the binary field [Figure BDA0002364137280000023] and returns it to the user terminal device $U_i$;
(c) The user terminal device $U_i$ calculates $S = y + cw$ and transmits $S$ to the wireless local area network management system;
(d) The wireless local area network management system verifies the user terminal device $U_i$: if $SE = E_1 + cW$ holds, the authentication passes, i.e. the identity of the user terminal device $U_i$ is legitimate, and $U_i$ is allowed to access the wireless local area network through the wireless access device M.
Further, the wireless control device C is used to authenticate the identity of the user terminal device $U_i$, allowing legitimate user terminal devices $U_i$ to access the wireless local area network and rejecting access by illegal user terminal devices $U_i$.
Further, the main functions of the wireless access device M are to provide network signals and access policies of the wireless local area network.
Further, the main function of the user terminal device $U_i$ is to acquire the network signal of the wireless local area network and to access the network of the wireless local area network.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
In the invention, when the user terminal device $U_i$ detects the network signal of the wireless local area network provided by the wireless access device M and sends the wireless access device M a request to access the wireless local area network, the wireless local area network management system of the wireless control device C authenticates the identity of $U_i$ using a user authentication method based on zero-knowledge proof, and $U_i$ is allowed to access the wireless local area network through the wireless access device M only after its identity authentication passes;
and after the identity authentication of the user terminal device $U_i$ is completed, the wireless local area network management system of the wireless control device C knows only whether the identity of $U_i$ is legitimate and does not know the private key $w$ of $U_i$; that is, the user terminal device $U_i$ completes identity authentication without revealing its private key $w$;
therefore, the technical problem that existing wireless local area network management systems cannot securely verify the identity of a client user accessing the wireless local area network is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A wireless local area network management system for preventing illegal user access comprises: a wireless control device C running wireless local area network management system software, a wireless access device M, and a user terminal device $U_i$.
The wireless control device C is used to authenticate the identity of the user terminal device $U_i$, allowing legitimate user terminal devices $U_i$ to access the wireless local area network and rejecting access by illegal user terminal devices $U_i$;
the main functions of the wireless access device M are to provide network signals and access policies of the wireless local area network;
the main function of the user terminal device $U_i$ is to acquire the network signal of the wireless local area network and to access the network of the wireless local area network;
when the user terminal device $U_i$ detects the network signal of the wireless local area network provided by the wireless access device M and sends the wireless access device M a request to access the wireless local area network, the wireless local area network management system of the wireless control device C authenticates the identity of $U_i$ using a user authentication method based on zero-knowledge proof;
when the identity authentication of the user terminal device $U_i$ is legitimate, the wireless local area network management system of the wireless control device C allows $U_i$ to access the wireless local area network through the wireless access device M;
when the identity authentication of the user terminal device $U_i$ is illegal, the wireless local area network management system of the wireless control device C does not allow $U_i$ to access the wireless local area network through the wireless access device M;
the user authentication method of the wireless local area network management system comprises the following steps:
Step one: The user terminal device $U_i$ registers as a user with the wireless local area network management system of the wireless control device C, specifically:
(a) The wireless local area network management system pops up, on the registration page, a dialog box for interactive communication with the user terminal device $U_i$;
(b) The wireless local area network management system selects a curve $O_p(a, b)$ over the binary field [Figure BDA0002364137280000051], randomly selects a point $E$ on the curve $O_p(a, b)$ as the base point, and displays the base point $E$ in the dialog box, i.e. returns the base point $E$ to the user terminal device $U_i$;
(c) The user terminal device $U_i$ selects a private key $w$ in the binary field [Figure BDA0002364137280000052], calculates the public key $W = wE$, and inputs the public key $W$ into the dialog box, i.e. transmits the public key $W$ to the wireless local area network management system;
the private key $w$ is the only legitimate certification key and is held solely by the user terminal device $U_i$; that is, the wireless local area network management system does not know the private key $w$;
Step two: When the user terminal device $U_i$ detects the network signal of the wireless local area network provided by the wireless access device M and sends the wireless access device M a request to access the wireless local area network, the wireless local area network management system of the wireless control device C starts to authenticate the identity of $U_i$. The specific authentication process is as follows:
(a) The wireless local area network management system pops up, on the verification page, a dialog box for interactive communication with the user terminal device $U_i$;
(b) The user terminal device $U_i$ randomly selects a random number $y$ in the binary field [Figure BDA0002364137280000062], calculates $E_1 = yE$, so that $E_1$ lies on the curve $O_p(a, b)$, and inputs $E_1$ into the dialog box;
(c) The wireless local area network management system randomly generates a random number $c$ in the binary field [Figure BDA0002364137280000061] and displays it in the dialog box, i.e. returns it to the user terminal device $U_i$;
(d) The user terminal device $U_i$ calculates $S = y + cw$ and inputs $S$ into the dialog box;
(e) The wireless local area network management system verifies the user terminal device $U_i$: if $SE = E_1 + cW$ holds, the authentication passes, i.e. the identity of the user terminal device $U_i$ is legitimate, and the wireless local area network management system allows $U_i$ to access the wireless local area network through the wireless access device M;
if $SE = E_1 + cW$ does not hold, the authentication fails, i.e. the identity of the user terminal device $U_i$ is illegal, and $U_i$ is not allowed to access the wireless local area network through the wireless access device M;
the interactive communication dialog box has a traceless communication function, i.e. no backup record is kept of any interactive communication content in the dialog box.
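The registration and authentication exchange described above, as an added Python example that is not part of the patent text. Assumptions: the prime-field curve secp256k1 and its standard generator stand in for the patent's binary-field curve $O_p(a, b)$ and randomly chosen base point $E$, $S$ is reduced modulo the group order, and the verifier's on-curve and range checks are additions.

```python
import secrets

# Assumption: secp256k1 (prime field) stands in for the patent's binary-field
# curve O_p(a, b); its standard generator plays the role of base point E.
P = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of E
E = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def on_curve(pt):
    """Reject the point at infinity and anything off the curve."""
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - A * x - B) % P == 0


def add(p1, p2):
    """Affine point addition (not constant time; illustration only)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def register():
    """Step one: U_i picks private key w and sends public key W = wE."""
    w = secrets.randbelow(N - 1) + 1
    return w, mul(w, E)


def commit():
    """Step two: U_i picks a fresh random y for this session and sends E1 = yE."""
    y = secrets.randbelow(N - 1) + 1
    return y, mul(y, E)


def challenge():
    """Step two: the management system returns a random c."""
    return secrets.randbelow(N - 1) + 1


def respond(y, c, w):
    """Step two: U_i computes S = y + cw (reduced mod N, an added detail)."""
    return (y + c * w) % N


def verify(W, E1, c, S):
    """Step two: accept only if SE = E1 + cW; the input checks are additions."""
    if not (on_curve(W) and on_curve(E1) and 0 <= S < N):
        return False
    return mul(S, E) == add(E1, mul(c, W))


def run_session(w, W):
    """One full exchange between U_i (holding w) and the management system."""
    y, E1 = commit()
    c = challenge()
    return verify(W, E1, c, respond(y, c, w))


if __name__ == "__main__":
    w, W = register()
    print("legitimate U_i accepted:", run_session(w, W))
    other_w, _ = register()
    print("U_i without w accepted:", run_session(other_w, W))
```

The check passes for the holder of $w$ because $SE = (y + cw)E = yE + c(wE) = E_1 + cW$; the management system only ever sees $W$, $E_1$, $c$ and $S$.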
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A wireless local area network management system for preventing illegal user access, characterized by comprising: a wireless control device C running wireless local area network management system software, a wireless access device M, and a user terminal device $U_i$;
when the user terminal device $U_i$ detects the network signal of the wireless local area network provided by the wireless access device M and sends the wireless access device M a request to access the wireless local area network, the wireless local area network management system of the wireless control device C authenticates the identity of $U_i$ using a user authentication method based on zero-knowledge proof, and the authentication method comprises the following steps:
Step one: The user terminal device $U_i$ registers as a user with the wireless local area network management system of the wireless control device C, specifically:
(a) The wireless local area network management system selects a curve $O_p(a, b)$ over the binary field [Figure FDA0002364137270000011], randomly selects a point $E$ on the curve $O_p(a, b)$ as the base point, and returns the base point $E$ to the user terminal device $U_i$;
(b) The user terminal device $U_i$ selects a private key $w$ in the binary field [Figure FDA0002364137270000012], calculates the public key $W = wE$, and transmits the public key $W$ to the wireless local area network management system;
Step two: The wireless local area network management system of the wireless control device C authenticates the identity of the user terminal device $U_i$. The specific authentication process is as follows:
(a) The user terminal device $U_i$ randomly selects a random number $y$ in the binary field [Figure FDA0002364137270000013], calculates $E_1 = yE$, so that $E_1$ lies on the curve $O_p(a, b)$, and transmits $E_1$ to the wireless local area network management system;
(b) The wireless local area network management system randomly generates a random number $c$ in the binary field [Figure FDA0002364137270000014] and returns it to the user terminal device $U_i$;
(c) The user terminal device $U_i$ calculates $S = y + cw$ and transmits $S$ to the wireless local area network management system;
(d) The wireless local area network management system verifies the user terminal device $U_i$: if $SE = E_1 + cW$ holds, the authentication passes, proving that the identity of the user terminal device $U_i$ is legitimate, and $U_i$ is allowed to access the wireless local area network through the wireless access device M.
2. The wireless local area network management system according to claim 1, wherein the wireless control device C is used to authenticate the identity of the user terminal device $U_i$, allowing legitimate user terminal devices $U_i$ to access the wireless local area network and rejecting access by illegal user terminal devices $U_i$.
3. The wireless local area network management system according to claim 2, wherein the main functions of the wireless access device M are to provide network signals and access policies of the wireless local area network.
4. The wireless local area network management system according to claim 3, wherein the main function of the user terminal device $U_i$ is to acquire the network signal of the wireless local area network and to access the network of the wireless local area network.
CN202010030530.6A 2020-01-13 2020-01-13 Wireless local area network management system for preventing illegal user access Withdrawn CN111031537A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010030530.6A CN111031537A (en) 2020-01-13 2020-01-13 Wireless local area network management system for preventing illegal user access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010030530.6A CN111031537A (en) 2020-01-13 2020-01-13 Wireless local area network management system for preventing illegal user access

Publications (1)

Publication Number Publication Date
CN111031537A true CN111031537A (en) 2020-04-17

Family

ID=70198865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010030530.6A Withdrawn CN111031537A (en) 2020-01-13 2020-01-13 Wireless local area network management system for preventing illegal user access

Country Status (1)

Country Link
CN (1) CN111031537A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111695147A (en) * 2020-05-13 2020-09-22 刘中恕 Data security management system based on cloud storage technology
CN111818015A (en) * 2020-06-10 2020-10-23 胡全生 Security protection system suitable for remote node access
CN112865974A (en) * 2021-01-20 2021-05-28 杨雯雯 Safety protection system based on edge computing access equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200417